Vulnerability Name: CVE-2005-0953 (CCN-19926)
Assigned: 2005-03-30
Published: 2005-03-30
Updated: 2018-10-19
Summary: Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
CVSS v3 Severity:
- 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS v2 Severity:
- 3.7 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
- 3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
- 2.3 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation
References:
- Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-05:14.bzip2 bzip2 denial of service and permission race vulnerabilities
- Source: NETBSD Type: UNKNOWN NetBSD-SA2008-004
- Source: SGI Type: UNKNOWN 20060301-01-U
- Source: CCN Type: BugTraq Mailing List, Wed Mar 30 2005 - 15:38:55 CST bzip2 TOCTOU file-permissions vulnerability
- Source: MITRE Type: CNA CVE-2005-0953
- Source: CCN Type: Conectiva Linux Security Announcement CLSA-2005:972 bzip2 security fixes
- Source: CCN Type: Apple Web site About the security content of Mac OS X 10.4.11 and Security Update 2007-008
- Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=307041
- Source: APPLE Type: UNKNOWN APPLE-SA-2007-11-14
- Source: BUGTRAQ Type: UNKNOWN 20050330 bzip2 TOCTOU file-permissions vulnerability
- Source: CCN Type: RHSA-2005-474 bzip2 security update
- Source: SECUNIA Type: UNKNOWN 19183
- Source: CCN Type: SA27274 Sun Solaris bzip2 Multiple Vulnerabilities
- Source: SECUNIA Type: UNKNOWN 27274
- Source: CCN Type: SA27643 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
- Source: SECUNIA Type: UNKNOWN 27643
- Source: SECUNIA Type: UNKNOWN 29940
- Source: CCN Type: bzip2 Web site The bzip2 and libbzip2 official home page
- Source: CCN Type: Sun Alert ID: 103118 Two Security Vulnerabilities in the bzip2(1) Command may Allow the Permissions of Arbitrary Files to be Modified or Allow for Arbitrarily Large Files to be Created
- Source: SUNALERT Type: UNKNOWN 103118
- Source: SUNALERT Type: UNKNOWN 200191
- Source: CCN Type: ASA-2007-451 Two Security Vulnerabilities in the bzip2(1) Command may Allow the Permissions of Arbitrary Files to be Modified or Allow for Arbitrarily Large Files to be Created (Sun 103118)
- Source: DEBIAN Type: Patch, Vendor Advisory DSA-730
- Source: DEBIAN Type: DSA-730 bzip2 -- race condition
- Source: FEDORA Type: UNKNOWN FLSA:158801
- Source: MANDRIVA Type: UNKNOWN MDKSA-2006:026
- Source: CCN Type: OpenPKG-SA-2005.008 bzip2
- Source: CCN Type: OpenPKG-SA-2005.010 OpenPKG
- Source: CCN Type: OpenPKG-SA-2007.002 bzip2
- Source: OPENPKG Type: UNKNOWN OpenPKG-SA-2007.002
- Source: REDHAT Type: UNKNOWN RHSA-2005:474
- Source: BUGTRAQ Type: UNKNOWN 20070109 rPSA-2007-0004-1 bzip2
- Source: BID Type: UNKNOWN 12954
- Source: CCN Type: BID-12954 bzip2 chmod File Permission Modification Race Condition Weakness
- Source: BID Type: UNKNOWN 26444
- Source: CCN Type: BID-26444 Apple Mac OS X v10.4.11 2007-008 Multiple Security Vulnerabilities
- Source: CCN Type: TLSA-2005-60 Two vulnerabilities discovered in bzip2
- Source: CCN Type: USN-127-1 bzip2 vulnerabilities
- Source: CERT Type: US Government Resource TA07-319A
- Source: VUPEN Type: UNKNOWN ADV-2007-3525
- Source: VUPEN Type: UNKNOWN ADV-2007-3868
- Source: XF Type: UNKNOWN bzip2-toctou-symlink(19926)
- Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10902
- Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1154
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Denotes that component is vulnerable